Accessing protected content for archiving

ABSTRACT

According to one embodiment of the present invention, a system for accessing protected content includes a first computing device with at least one processor. The system determines one or more users associated with information required to access content of a protected document based on a set of rules. A request is generated and sent to at least one second computing device associated with the one or more determined users to retrieve and utilize the required information to access the content of the protected document. Embodiments of the present invention further include a method and computer program product for accessing protected content in substantially the same manner described above.

BACKGROUND

1. Technical Field

Present invention embodiments relate to archiving content, and morespecifically, to accessing protected content (e.g., password protection,encryption or encoding, access restrictions, etc.) in order to archivethat content.

2. Discussion of the Related Art

Compliance archiving is the process of capturing corporate data, such aselectronic mail (e-mail) messages or files, from a shared file system oruser workstation. This data may later serve as evidence in legal cases.A full-text search index is typically created over the archived data toenable content searches to be performed based on keywords. The contentsearches require that text content of the data be accessible by anarchive system.

In the case of compliance archiving for e-mail messages, a mechanismreferred to as e-mail journaling is frequently used in which e-mailsystems of the corporation create a copy of every e-mail message that issent or received across a corporate network in order to archive thesemessages. However, the e-mail message sent by a user may be encryptedwith the sender's and/or the recipient's credentials. Thus, no systemsother than the e-mail system have appropriate credentials to decrypt thee-mail contents. Accordingly, the journal copy of the e-mail message isencrypted and cannot be used for compliance content searches since thecontents of an encrypted e-mail message cannot be parsed and added tothe full text index, nor can such an e-mail message be restored and readby anybody other than the designated recipients or sender. If therecipients or sender are no longer employees of the corporation, it maybe impossible to access the content of the encrypted e-mail message.

Although a policy may be provided in which a corporate user account isalways given appropriate access credentials to every e-mail message thatis encrypted by a corporate e-mail system, implementation of suchpolicies is difficult and may not always be possible.

In the case of performing archiving for legal compliance and discovery,content of encrypted documents cannot be text indexed for searchingpurposes and, therefore, this content cannot be searched and foundeasily. These documents can be of various kinds of document types thathave been encrypted by the document originator or owner (e.g., textdocuments, spread sheets, archive files such as .zip files, etc.). Inmost cases, the only way to get access to content of encrypted documentsis by requesting the originator or owner of the document to provide adecrypted version or a decryption key.

In a compliance archiving scenario, a significant compliance risk occurswhen asking a user for a decrypted version of a document. This resultsfrom the possibility that the content of the provided decrypted documentdoes not reflect the content of the original encrypted version. In orderto verify the content of the decrypted document, as digital signatureover the original content would have to be generated before that contentwas encrypted. However, the generation of the digital signature does notoccur for most applications and cannot be generated once the content hasbeen encrypted.

Although automatic or manual decryption of a document may be employed,the automatic decryption is limited to specific kinds of encryption andapplications, while manual decryption (e.g., requesting users tomanually remove encryption) cannot guarantee integrity of the decrypteddocument.

BRIEF SUMMARY

According to one embodiment of the present invention, a system foraccessing protected content includes a first computing device with atleast one processor. The system determines one or more users associatedwith information required to access content of a protected documentbased on a set of rules. A request is generated and sent to at least onesecond computing device associated with the one or more determined usersto retrieve and utilize the required information to access the contentof the protected document. Embodiments of the present invention furtherinclude a method and computer program product for accessing protectedcontent in substantially the same manner described above.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

Generally, like reference numerals in the various figures are utilizedto designate like components.

FIG. 1 is a diagrammatic illustration of an example computingenvironment of an embodiment of the present invention for archivingencrypted e-mail messages.

FIG. 2 is a procedural flow chart illustrating a manner of decrypting anencrypted e-mail message for archiving content of that e-mail messageaccording to an embodiment of the present invention.

FIG. 3 is a diagrammatic illustration of an example computingenvironment of an embodiment of the present invention for archivingprotected documents.

FIG. 4 is a procedural flow chart illustrating a manner of accessingcontent of a protected document for archiving that content according toan embodiment of the present invention.

DETAILED DESCRIPTION

Present invention embodiments enable corporations, companies,organizations, or other entities to transparently decrypt encryptede-mail messages by leveraging end-user credentials available on anend-user e-mail client application. Alternatively, the end-user can beasked for permission to enable the e-mail client application to decryptthe encrypted e-mail message or other encrypted content on acase-by-case basis.

Present invention embodiments may further provide access to files andother content that is discovered as protected content (e.g., passwordprotected, encrypted or encoded, access restrictions, etc.) in anenterprise during archiving or other operations. The owner or originatorof the protected content (e.g., password protected, encrypted orencoded, access restrictions, etc.) is identified, and a request is sentto the owner or originator to provide the content to be archived.

Thus, present invention embodiments enable access to protected content(e.g., password protected, encrypted or encoded, access restrictions,etc.) without having information required to access the content (e.g.,passwords, decryption keys, etc.).

An example computing environment for a present invention embodiment thatdecrypts encrypted e-mail messages for archiving is illustrated inFIG. 1. Specifically, computing environment 100 includes an e-mailserver system 110, an archiving system 120, a decryption server system130, and one or more client or end-user systems 140. Server systems 110,130, archiving system 120, and client systems 140 may be remote fromeach other and communicate over connections of a network 112. Thenetwork may be implemented by any number of any suitable communicationsmedia (e.g., wide area network (WAN), local area network (LAN),Internet, Intranet, etc.). Alternatively, server systems 110, 130,archiving system 120, and client systems 140 may be local to each other,and communicate via any appropriate local communication medium (e.g.,local area network (LAN), hardwire, wireless link, Intranet, etc.).

E-mail server system 110 may be implemented by any conventional or otherelectronic mail server and (e.g., along with an e-mail clientapplication) provides an e-mail system that enables users to send andreceive e-mail messages. Archiving system 120 archives or stores thee-mail messages sent and received via e-mail server system 110. Thee-mail server system may employ e-mail journaling, where copies of thee-mail messages are provided in order to be archived. The archivingsystem includes a repository 122 to store the e-mail messages, anindexing module 124 to generate an index for the stored e-mail messagesto perform searching, an archiving component or module 126 to controlarchiving of the e-mail messages in repository 122, and an encryptiondetection component or module 128 to determine the presence of encryptede-mail messages. Repository 122 may be implemented by any conventionalor other database or storage unit, may be local to or remote fromarchiving system 120, and may communicate via any appropriatecommunication medium (e.g., local area network (LAN), wide area network(WAN), Internet, hardwire, wireless link, Intranet, etc.).

Decryption server system 130 includes a policy engine module 132 todetermine users to receive a request for decrypting an encrypted e-mailmessage detected by archiving system 120. The decryption server systemfurther sends the request to client systems 140 of the determined usersto facilitate decryption of the encrypted e-mail message. A databasesystem 136 may store various information for the determination (e.g.,rules, constraints, additional information (e.g., directories,organizational charts, etc.)). The database system may be implemented byany conventional or other database or storage unit, may be local to orremote from decryption server system 130, and may communicate via anyappropriate communication medium (e.g., local area network (LAN), widearea network (WAN), Internet, hardwire, wireless link, Intranet, etc.).

Client systems 140 may present a graphical user (e.g., GUI, etc.) orother interface (e.g., command line prompts, menu screens, etc.) tosolicit information from users pertaining to reception and transmissionof e-mail messages (e.g., creating, editing, deleting, moving, storing,archiving, sending, receiving, displaying, etc.). The client systemsinclude an agent module 142 (preferably within an e-mail clientapplication) that receives the decryption request from decryption server130 and prompts a user for permission to enable the agent module todecrypt the encrypted e-mail message based on user credentials withinthe e-mail system. Alternatively, the encrypted e-mail message mayautomatically be decrypted (without prompting the user) by the agentmodule based on various criteria (e.g., configurable rules or policies,parameters, etc.). Once the encrypted e-mail message is decrypted, theagent module sends the decrypted e-mail message to archiving system 120for archiving.

Server systems 110, 130, archiving system 120, and client systems 140may be implemented by any conventional or other computer systemspreferably equipped with a display or monitor, a base (e.g., includingat least one processor 115, one or more memories 135 and/or internal orexternal network interfaces or communications devices 125 (e.g., modem,network cards, etc.)), optional input devices (e.g., a keyboard, mouseor other input device), and any commercially available and customsoftware (e.g., server/communications software, browser/interfacesoftware, agent module, policy engine module, encryption detectioncomponent or module, archiving component or module, indexing module,etc.).

The modules (e.g., agent module, policy engine module, encryptiondetection component or module, archiving component or module, indexingmodule, etc.) of computing environment 100 may include one or moremodules or units to perform the various functions of present inventionembodiments described below. These various modules (e.g., agent module,policy engine module, encryption detection component or module,archiving component or module, indexing module, etc.) may be implementedby any combination of any quantity of software and/or hardware modulesor units, and may reside within memory 135 of the server, archivingand/or client systems for execution by corresponding processor 115.

A manner of archiving encrypted e-mail messages (e.g., via archivingsystem 120, decryption server system 130, and client systems 140 andtheir corresponding modules) is illustrated in FIG. 2. Specifically, ane-mail message from e-mail server system 110 is received by archivingsystem 120 at step 205. The e-mail server system may perform e-mailjournaling to create copies of e-mail messages to be archived. Thearchiving system archives or stores (e.g., via archiving component 126)the received e-mail message in repository 122 (e.g., regardless of thepresence of encryption). This enables an encrypted e-mail message to bestored in an encrypted original form (e.g., this occurs as part of thearchiving transaction) to ensure that the original e-mail message isalways archived successfully in its entirety. The encrypted e-mailmessage may be searched based on metadata (e.g., the sender or recipientinformation) provided by the e-mail server system in unencrypted form.

Encryption detection component 128 of archiving system 120 examines thereceived e-mail message for encryption at step 210. For example, e-mailserver system 110 may set a flag within an e-mail message to indicatethat the e-mail message is encrypted. The encryption detection componentexamines the state of this flag within the received e-mail message todetermine the presence of encryption. When the e-mail message is notencrypted, the unencrypted e-mail message is processed and indexed bythe archiving system (e.g., via indexing component 124 and/or archivingcomponent 126) at step 240 to enable keyword or content searching of thee-mail message.

If the e-mail message is encrypted as determined at step 210, a requestis sent from encryption detection component 128 of archiving system 120to decryption server system 130 to determine one or more users able todecrypt the encrypted e-mail message at step 215. The request mayinclude various information pertaining to the e-mail message (e.g.,sender, recipients, sender and recipient mail boxes on the e-mail serversystem, etc.). Policy engine module 132 of the decryption server systemdetermines the users to decrypt the e-mail message in response to therequest. The policy engine module may utilize rules, statistics and/orexternal data sources (e.g., a directory service, etc.) to determine astrategy to use for generating decryption requests that are sent tospecific users. For example, a decryption request may be sent to thesender and/or all recipients of the e-mail message. Alternatively,various constraints or rules may be employed to determine the users toreceive the decryption requests. By way of example, the constraints orrules may include: sending one decryption request in order to minimizethe impact on end-users; excluding external users (e.g., users externalof an entity (e.g., corporation, company, organization, etc.)) from thedecryption process; distributing decryption requests across availableusers (e.g., considering all decryption requests that have beengenerated); excluding users which are unavailable (e.g., due tovacation, sickness or other configurable reason according to theircalendar) from the decryption process; generating another decryptionrequest for a different user when the initial user does not respond to adecryption request within a certain time interval (e.g., days, etc.);based on the entity, one or more users are chosen from a remaining list;select users from different entity departments or groups or with thegreatest hierarchical distance within the entity organization (e.g.,this maximizes the chance that fraud can be detected when inconsistentresponses to the decryption request are returned since it is unlikelythat users are aware of the request and can synchronize on fakeresponses); and in the case of a manual decryption of an attachment(e.g., provide an uncompressed version of a zip file attachment which ispassword protected), proceed until a certain number (e.g., three ormore, etc.) responses have been retrieved.

Once the users to receive the decryption request have been determined,the decryption request is generated and sent from decryption serversystem 130 to client systems 140 of the determined users at step 220.The decryption request may include various information pertaining todecryption of the e-mail message (e.g., information pertaining to theuser for accessing user credentials, time stamp, message identifier,etc.). In order to ensure that the e-mail message is decrypted even if aparticular user is not available (e.g. the user is out of the office,the e-mail client application is not reachable, etc.), the decryptionrequest can be sent to plural users serially or in parallel (e.g., thesender and all recipients of the e-mail message that are members of thee-mail system of an entity), and one or more of the client systems maybe required to respond to the decryption request as described below.

Agent module 142 of client systems 140 receives and processes thedecryption request, and preferably executes on the client systems aspart of a standard e-mail client application associated with e-mailserver system 110. When the agent module receives the decryptionrequest, the agent module checks for user permission to decrypt theencrypted e-mail message at step 225. For example, the agent module mayprompt the user via a user interface (e.g., GUI, menu, line prompt,etc.) to request permission to decrypt the encrypted e-mail message. Ifpermission for decryption is denied as determined at step 225, archivingsystem 120 is notified and flags (e.g., via archiving component 126) thee-mail message in the archive (or repository 122) (e.g., with a flagindicating that the decryption was denied by a user) at step 227. Thismay allow for additional processing (e.g., resend the decryptionrequest, determine other users who may provide permission, etc.).

Once permission for decryption is obtained, the agent module retrievesthe encrypted e-mail message from the e-mail system (e.g., via themessage identifier) and decrypts that message using the end-usercredentials of the e-mail system at step 230. Alternatively, the usermay configure the agent module, or set a parameter, to automatically andtransparently decrypt the encrypted e-mail message (without a userprompt) using the end-user credentials.

Once the encrypted e-mail message is decrypted, the agent modulesubsequently sends the decrypted e-mail message to archiving system 120at step 235. In order to protect the decrypted content, the agent modulemay encrypt the decrypted content based on credentials of the archivingsystem. In this case, the archiving system utilizes the credentials todecrypt the encrypted content to retrieve the decrypted e-mail messagecontents.

The archiving system processes and archives the decrypted content of theencrypted e-mail message (e.g., via indexing component 124 and/orarchiving component 126) at step 237. The decryption request can be sentto a single user for a response (e.g., decrypted e-mail message) fromthe client system, or to a plurality of users serially or in parallel,where one or more of the client systems associated with the plurality ofusers may be required to respond to the decryption request. In the caseof plural users receiving the decryption request, a first receivedresponse may be sufficient to provide the decrypted e-mail message.Alternatively, the decrypted e-mail message from client systemsassociated with two or more of the plural users may be compared toverify the decryption, where the decrypted e-mail message may beselected from the version provided by any quantity of the plural users(e.g., a majority, at least a certain quantity, etc.). If a decryptionrequest is not responded to from a sufficient quantity of the contactedclient systems during a configurable time period (or the decryptede-mail message cannot be verified), the e-mail message may be flagged inthe archive (or repository 122) with a corresponding status flag inorder to allow for additional processing (e.g., resend the decryptionrequest, determine other users, etc.).

Once the decrypted e-mail message is received, the archiving system isresponsible for, and has to ensure the security of the decryptedcontent. Accordingly, the archiving system may encrypt the decryptedcontent with its own security mechanism via any conventional or otherencryption/decryption techniques). Further, an implicit or explicit linkbetween the archived encrypted and decrypted e-mail messages isestablished in the archiving system. In order to enable content searchesfor encrypted e-mail messages, the decrypted content is added to a fulltext index via indexing module 124. In addition, the decrypted contentcan be exported as evidence in legal cases and leveraged to render apreview of the encrypted e-mail message.

The present invention embodiments may be applied to other data sourcesand/or systems employing encryption and decryption, or other protectionsfor data. For example, operating system components may encrypt data(e.g., files, file system, etc.) and present invention embodiments maybe utilized to decrypt that data via user and/or operating systemcredentials in substantially the same manner described above (e.g., anagent module of a client system may process decryption requests andtransparently (or with user permission) decrypt the data using thecorresponding operating system credentials). Further, the e-mailmessages or other data may include one or more access restrictions(e.g., password protection, user permissions/access restrictions, accesscontrol list (ACL), etc.), and present invention embodiments may utilizeend-user credentials or other information within the e-mail or othersystems to transparently (or with user permission) access the protectedcontent and provide an unprotected version. Thus, present inventionembodiments enable access to content of protected data (e.g., encryptedor encoded, password protected, access restricted, etc.) withoutknowledge of the information needed to provide the content (e.g., keys,passwords, etc.).

Present invention embodiments may further enable access to content ofprotected documents (e.g., encrypted or encoded, password protected,access restrictions (e.g., ACL, etc), etc.) for archiving. This isaccomplished without storing keys and passwords, but guaranteeing theintegrity of the resulting data. For example, present inventionembodiments may provide access to a document (e.g., .pdf, .zip or otherfile) that may be password protected by an application without knowledgeof the password. Further, present invention embodiments may providedecryption of an encrypted document without knowledge of theencryption/decryption keys.

An access server system offers a sandbox (e.g., a remote session orvirtual desktop with limited capabilities) to a client system of a userthat has appropriate information to provide access to a protecteddocument in order to access the document content. This sandbox isautomatically configured with the protected document and is presented tothe user through a tightly controlled interface (e.g., a limited remotedesktop session). The interface allows the user to provide the necessarycredentials (e.g., a password needed by the native application (e.g. IBMSymphony for an .odt text document, etc.)) to the application installedin the sandbox to open and/or decrypt the protected document. Inaddition, the interface presents a read-only view of the document to theuser for validation of the document contents.

The only active operation the user can perform within the sandbox is tosubmit the appropriate information (e.g., password, decryptioncredentials, etc.) to access the protected document. All otheroperations are blocked, and the user is limited to read only access.Since the document is hosted on the access server system, no content ordocument transfer to the client system or workstation of the user isrequired, and the content of the document cannot be altered. Thisguarantees that the resulting version of the document contains the samecontent as the original protected version of the document.

Since the sandbox is based on a remote session, it is not runninglocally on a client system, but rather, directly on the access serversystem. Thus, the sandbox can be provided to internal users of an entity(e.g., corporation, company, organization, etc.) as well as externalusers (e.g., a user already left the entity, the document was encryptedby a customer and keys are not internally available, etc.).

Once the document content has been accessed (e.g., opened, decrypted,etc.) in the sandbox, the sandbox notifies an archiving system about theaccess. The archiving system reprocesses the unprotected documentcontent (e.g., archiving, indexing, etc.), and any unprotected contentis removed automatically from the sandbox and the sandbox issubsequently destroyed.

Based on a system configuration, an administrator or other user candecide when the access process should be initiated (e.g., before initialarchiving or anytime after archiving). Since protected archiveddocuments are flagged in the archive and in the archive index, a searchsystem can search for and return a number of protected documents whenthe access process is performed after initial archiving.

An example computing environment for a present invention embodiment thataccesses content of protected documents for archiving is illustrated inFIG. 3. Specifically, computing environment 300 includes one or moredata sources 310, an archiving system 320, an access server system 330,and one or more client or end-user systems 340. Data sources 310,archiving system 320, access server system 330, and client systems 340may be remote from each other and communicate over connections of anetwork 112. The network may be implemented by any number of anysuitable communications media (e.g., wide area network (WAN), local areanetwork (LAN), Internet, Intranet, etc.). Alternatively, data sources310, archiving system 320, access server system 330, and/or clientsystems 340 may be local to each other, and communicate via anyappropriate local communication medium (e.g., local area network (LAN),hardwire, wireless link, Intranet, etc.).

Data sources 310 may be implemented by any conventional or other storagestructures or systems (e.g., server systems, databases, e-mail systems,file systems, etc.) that contain documents (e.g., pages, files, or anyother structures that contain data). Archiving system 320 archives orstores documents from data sources 310. The archiving system includesrepository 122 to store the documents, indexing module 124 to generatean index for the stored documents to perform searching, and archivingcomponent or module 126 to control archiving of the documents inrepository 122, each substantially similar to the correspondingcomponents described above. Archiving system 320 further includes aprotection detection component or module 328 to determine the presenceof protected documents. Repository 122 may be implemented by anyconventional or other database or storage unit, may be local to orremote from archiving system 320, and may communicate via anyappropriate communication medium (e.g., local area network (LAN), widearea network (WAN), Internet, hardwire, wireless link, Intranet, etc.).

Access server system 330 includes a policy engine module 332 todetermine users to receive a request for accessing content of aprotected document detected by archiving system 320. The access serversystem further includes a remote session module 334 to provide a sandboxor limited remote desktop session 350 for an owner or originator of theprotected document to facilitate access to contents of the protecteddocument. A database system 336 may store various information for thedetermination (e.g., rules, constraints, additional information (e.g.,directories, organizational charts, etc.)). The database system may beimplemented by any conventional or other database or storage unit, maybe local to or remote from access server system 330, and may communicatevia any appropriate communication medium (e.g., local area network(LAN), wide area network (WAN), Internet, hardwire, wireless link,Intranet, etc.).

Client systems 340 may present a graphical user (e.g., GUI, etc.) orother interface (e.g., command line prompts, menu screens, etc.) toprovide sandbox 350 and solicit information from users pertaining toaccess of the contents of a protected document. Once the contents of theprotected document are accessed, the access server system sends thecontent to archiving system 320 for archiving.

Data sources 310, archiving system 320, access server system 330, andclient systems 340 may be implemented by any conventional or othercomputer systems preferably equipped with a display or monitor, a base(e.g., including at least one processor 315, one or more memories 335and/or internal or external network interfaces or communications devices325 (e.g., modem, network cards, etc.)), optional input devices (e.g., akeyboard, mouse or other input device), and any commercially availableand custom software (e.g., server/communications software,browser/interface software, policy engine module, remote session module,protection detection component or module, archiving component or module,indexing module, etc.).

The modules (e.g., policy engine module, remote session module,protection detection component or module, archiving component or module,indexing module, etc.) of computing environment 300 may include one ormore modules or units to perform the various functions of presentinvention embodiments described below. These various modules (e.g.,policy engine module, remote session module, protection detectioncomponent or module, archiving component or module, indexing module,etc.) may be implemented by any combination of any quantity of softwareand/or hardware modules or units, and may reside within memory 335 ofthe server, archiving and/or client systems for execution bycorresponding processor 315.

A manner of archiving protected documents (e.g., via archiving system320, access server system 330, and client systems 340 and theircorresponding modules) is illustrated in FIG. 4. Specifically, adocument from data source 310 is received by archiving system 320 atstep 405. The archiving system archives or stores (e.g., via archivingcomponent 126) the received document in repository 122 (e.g., regardlessof the presence of protection). This enables a protected document to bestored in a protected original form to ensure that the original documentis always archived successfully in its entirety. The protected documentmay be searched based on metadata (e.g., the owner or originatorinformation) provided by the data source. Alternatively, the documentmay be archived after a determination (e.g., by protection detectioncomponent 328 of archiving system 320) of the presence of a protecteddocument at step 410.

Protection detection component 328 of archiving system 320 examines thereceived document for the presence of protective measures (e.g.,password protection, encryption or encoding, access restrictions, etc.)at step 410. For example, the protection detection component may includea conventional or other tool to detect the presence of a protecteddocument. Alternatively, the protection detection component may examinethe file format or content of the document for comparison against astandard to determine the presence of a protected document, in addition,data source 310 may set a flag within a document to indicate that thedocument is protected (e.g., password or other protection, encrypted orencoded, etc.). The protection detection component may examine the stateof this flag within the received document to determine the presence of aprotected document.

When the document is not protected as determined at step 410, theunprotected document is processed and indexed at step 440 (e.g., viaindexing component 124 and/or archiving component 126 of archivingsystem 320) to enable keyword or content searching of the document.

When the document is protected as determined at step 410, a request issent from the protection detection component 328 of archiving system 320to access server system 330 to determine one or more users able toaccess the contents of the protected document at step 415. The requestmay include various information pertaining to the document (e.g., theowner or originator of the document, document identifier, user withaccess rights (or within an ACL), sender and/or recipients of thedocument in case of an e-mail or document transfer, etc.).

Policy engine module 332 of the access server system determines theusers able to access the contents of the protected document. Forexample, the policy engine module may analyze document metadata (ifavailable) to identify potential users capable of accessing the contentof the protected document. The access server system may further includeadditional information for use in determining the users (e.g.,organizational structure, corporate or other directory, etc). Moreover,the policy engine module may utilize rules, statistics and/or externaldata sources (e.g., a directory service, etc.) to determine a strategyto use for generating access requests that are sent to specific users.For example, constraints or rules may include excluding external users(e.g., users external of an entity (e.g., corporation, company,organization, etc.)) from the access process; excluding users which areunavailable (e.g., due to vacation, sickness or other configurablereason according to their calendar) from the access process; generatinganother access request for a different user when the initial user doesnot respond to an access request within a certain time interval (e.g.,days, etc.); and generating access requests for two or more users in thesame or different departments or groups of an entity (e.g., corporation,company, organization, etc.) and comparing resulting documents.

The access server system (e.g., via remote session module 334) furtherprepares a sandbox 350 for presentation to determined users at step 420based on the protected document content from repository 122. The sandboxprovides a virtual desktop to client systems of the determined userswith the application needed to access contents of the protecteddocument. The creation of the sandbox can be achieved, by way ofexample, using virtual machines and templates (e.g., VMWare virtualmachines (VM) and VMWare templates). For example, in order to create asandbox for accessing a password protected .pdf document, anadministrator or other user creates a new virtual machine with anoperating system and software (e.g., ACROBAT READER) installed to openthe protected document. This virtual machine is stored as a template tobe reusable for this document type. The administrator or other usercreates a template for various document types to be encountered by thearchiving system. The access server system instantiates the templatecorresponding to the document type of the protected document received bythe archiving system. When a template does not exist for a document typeof a protected document, the access server system may notify theadministrator or other user to provide a template corresponding to thatdocument type.

The virtual machine further contains software to control interactioncommands and rules with the sandbox. The administrator or other userfurther defines a set of approved commands and rules that a clientsystem is able to execute within the sandbox (e.g., the client systemcannot close/restart applications, etc.). The rules may be entered via arules editor of access server system 330. In addition, the administratoror other user can record some user interactions or steps, where therecording is played when the client system accesses the sandbox. Therecording stops when user input is required, and continues uponreceiving the input. The client system is not allowed to perform anyactions within the sandbox other than watching the recording andproviding input at specific steps (e.g., a password prompt, etc.).

Once the sandbox is instantiated and the users to receive the accessrequest have been determined, the access request is generated and sentfrom access server system 330 to client systems 340 of the determinedusers at step 425. The access server system automatically sends theaccess requests to the determined users, or queues the tasks for anadministrator or other user that sends the access requests to thedetermined users (if no automatic determination of users is possible).The access request may be of any form and include various information toaccess the sandbox. For example, the access request may be in the formof an e-mail message with a link or Uniform Resource Locator (URL) toaccess the sandbox.

In order to ensure that the document is accessed even if a particularuser is not available (e.g. the user is out of the office, the clientsystem is not reachable, etc.), the access request can be sent to pluralusers serially or in parallel (e.g., the owners or originators, userswith access rights, etc.), and one or more of the users may be requiredto respond to the access request as described below.

The determined users receive the access request on client systems 340,typically including a notification requesting access to some protecteddocuments and a link or URL to the sandbox. A determined user actuatesthe link (or otherwise utilizes the URL in a browser or otherapplication) at step 430 to access the sandbox on access server system330 in a remote session that allows the user to provide information(e.g., password, decryption key, etc.) to access (e.g., open, decrypt,etc.) the protected document. The sandbox basically provides a remotevirtual desktop (e.g., WINDOWS or other desktop) on the client systemwith limited capabilities.

In particular, upon being accessed by a user on a client system, theaccess server system (e.g., via remote session module 334) retrieves theprotected document from repository 122. (e.g., via the documentidentifier), uses the virtual machine template for the protecteddocument to run an image to provide the sandbox or virtual desktop onthat client system, and applies the protected document to the virtualmachine. Various scripts may launch the sandbox with an applicationbased on the document type. When the protected document is being openedby the appropriate application executing in the sandbox, a request ispresented by the application to the user in order to obtain the requiredinformation (e.g., password, decryption keys, etc.) for the applicationto unprotect the document (e.g., open, decrypt, etc.) and access thedocument content. The virtual machine status is presented to the clientsystem in response to accessing the sandbox. The rules prevent theclient system from performing any modifications to the document or otheroperations within the application.

Integrity of the unprotected document within the sandbox is ensured bypreventing actions by the client system within the sandbox that modifythe unprotected document. Specifically, when the user interacts with thesandbox using the remote session, commands received by the sandbox fromthe client system (e.g., Remote Desktop Protocol (RDP) commands) arefiltered by the access server system (e.g., via remote session module334) to allow only approved commands to be processed and executed withinthe sandbox. The approved commands are configured by an administrator orother user during creation of the sandbox as described above, and maydiffer between different sandbox content (e.g., may differ betweensandboxes of different document types).

The filtering may include explicit filtering (e.g., prevent specifickeystrokes (e.g., filter tab, etc.), prevent specific mouse moves (e.g.,the cursor cannot leave or enter an area, etc,)) and implicit filtering(e.g., detect if the focus moves to a different window, detect if theremote session is in an invalid state (e.g., an error pop-up window ispresented and gains focus, etc.)). The remote session module interceptscommunication between the client system and access server system, whereeach command (describing an action to perform) from the user during theremote session is evaluated against the approved commands and/or one ormore sets of rules. The rules are configured by an administrator orother user during creation of the sandbox as described above, and maydiffer between different sandbox content (e.g., may differ betweensandboxes of different document types).

By way of example, the rules may include: basic rules (e.g., preventfocus change); and/or application specific rules (e.g., preventapplication specific commands (e.g., not allow editing of text contentof a text document)). Only allowed commands (e.g., commands that havenot been filtered) are processed and executed within the sandbox (e.g.,a user can only enter a password and hit enter, a user cannot changefocus or edit the data, etc.), thereby preserving the integrity of anunprotected document. If a constraint violation is detected (e.g., anunpermitted command is executed), the remote session is terminated sincethe filtering has presumably been bypassed.

Alternatively, the recording of user interactions or steps created bythe administrator or other user may be played when the client systemaccesses the sandbox. The recording stops when user input is required,and continues upon receiving the input. The client system is not allowedto perform any actions within the sandbox other than watching therecording and providing input at specific steps (e.g., a password or keyprompt, etc) via filtering of commands in substantially the same mannerdescribed above.

Once the appropriate information has been provided by a user to theapplication within the sandbox, the application unprotects (e.g., opens,decrypts, etc.) the document, and access server system 330 sends theunprotected document to archiving system 330 at step 435. The archivingsystem processes the unprotected document (e.g., via indexing component124 and/or archiving component 126) at step 437. In order to protect thedecrypted content, the access server system may encrypt the unprotectedcontent based on credentials of the archiving system. In this case, thearchiving system utilizes the credentials to decrypt the encryptedcontent to retrieve the document contents.

The access request can be sent to a single user for a response (e.g.,unprotected document), or to a plurality of users serially or inparallel, where one or more of the plurality of users may be required torespond to the access request. In the case of plural users receiving theaccess request, a first received response may be sufficient to providethe unprotected document. Alternatively, the unprotected document fromtwo or more of the plural users may be compared to verify the document,where the unprotected document may be selected from the version providedby any quantity of the plural users (e.g., a majority, at least acertain quantity, etc.). If an access request is not responded to from asufficient quantity of the contacted users during a configurable timeperiod (or the document cannot be verified), the protected document maybe flagged in the archive (or repository 122) with a correspondingstatus flag in order to allow for additional processing (e.g., resendthe access request, determine other users, etc.).

At this point, the archiving system is responsible for, and has toensure the security of the unprotected document. Accordingly, thearchiving system may encrypt the unprotected document with its ownsecurity mechanism (e.g., via any conventional or otherencryption/decryption techniques), and/or provide access restrictions(e.g., an access control list (ACL)). Further, an implicit or explicitlink between the archived protected document and the unprotecteddocument is established in the archiving system to preserve the relationbetween alternative representations. In addition, the archiving systemindexes the unprotected document (e.g., via indexing module 124) toenable the protected document to be searchable (e.g., for eDiscovery,etc.). During the indexing, the unprotected content may be flagged witha delta index to enable only authorized users to access this unprotectedcontent.

The received document may further contain one or more protecteddocuments therein (e.g., e-mail messages may contain protected and/orunprotected attachments (e.g., .zip files may contain extracted .pdffiles, etc.)). Further, the contained documents may similarly containone or more protected documents (e.g., an e-mail message containinganother e-mail message with one or more protected documents, etc.) toprovide one or more nested levels of protected and/or unprotecteddocuments. Protection detection component 328 of archiving system 330detects the presence of one or more protected documents within thesenested levels, where each protected document is processed to access andarchive content of that protected document (e.g., via the sandbox) insubstantially the same manner described above. Unprotected documentscontained within the nested levels are simply processed (e.g., indexingand storage) by the archiving system in order to be archived inrepository 122 in substantially the same manner described above.

It will be appreciated that the embodiments described above andillustrated in the drawings represent only a few of the many ways ofimplementing embodiments for accessing protected content for archiving.

The environments of the present invention embodiments may include anynumber of computer or other processing systems (e.g., client or end-usersystems, server systems, etc.) and databases or other repositoriesarranged in any desired fashion, where the present invention embodimentsmay be applied to any desired type of computing environment (e.g., cloudcomputing, client-server, network computing, mainframe, stand-alonesystems, etc.). The data sources may be implemented by any suitable datastorage structures or systems by themselves, or in combination with oneor more computer systems. The computer or other processing systemsemployed by the present invention embodiments may be implemented by anynumber of any personal or other type of computer or processing system(e.g., desktop, laptop, PDA, mobile devices, etc.), and may include anycommercially available operating system and any combination ofcommercially available and custom software (e.g., browser software,communications software, server software, agent module, policy enginemodule, remote session module, encryption detection component or module,protection detection component or module, archiving component or module,indexing module, rules editor, etc.). These systems may include anytypes of monitors and input devices (e.g., keyboard, mouse, voicerecognition, etc.) to enter and/or view information.

It is to be understood that the software (e.g., agent module, policyengine module, remote session module, encryption detection component ormodule, protection detection component or module, archiving component ormodule, indexing module, etc) of the present invention embodiments maybe implemented in any desired computer language and could be developedby one of ordinary skill in the computer arts based on the functionaldescriptions contained in the specification and flow charts illustratedin the drawings. Further, any references herein of software performingvarious functions generally refer to computer systems or processorsperforming those functions under software control. The computer systemsof the present invention embodiments may alternatively be implemented byany type of hardware and/or other processing circuitry.

The various functions of the computer or other processing systems may bedistributed in any manner among any number of software and/or hardwaremodules or units, processing or computer systems and/or circuitry, wherethe computer or processing systems may be disposed locally or remotelyof each other and communicate via any suitable communications medium(e.g., LAN, WAN, Intranet, Internet, hardwire, modem connection,wireless, etc). For example, the functions of the present inventionembodiments may be distributed in any manner among the variousend-user/client, archiving and server systems, and/or any otherintermediary processing devices. The software and/or algorithmsdescribed above and illustrated in the flow charts may be modified inany manner that accomplishes the functions described herein. Inaddition, the functions in the flow charts or description may beperformed in any order that accomplishes a desired operation.

The software of the present invention embodiments (e.g., agent module,policy engine module, remote session module, encryption detectioncomponent or module, protection detection component or module, archivingcomponent or module, indexing module, etc.) may be available on anon-transitory computer readable or useable medium (e.g., magnetic oroptical mediums, magneto-optic mediums, floppy diskettes, CD-ROM, DVD,memory devices, etc.) of a stationary or portable program productapparatus or device for use with stand-alone systems or systemsconnected by a network or other communications medium.

The communication network may be implemented by any number of any typeof communications network (e.g., LAN, WAN, Internet, Intranet, VPN,etc.). The computer or other processing systems of the present inventionembodiments may include any conventional or other communications devicesto communicate over the network via any conventional or other protocols.The computer or other processing systems may utilize any type ofconnection (e.g., wired, wireless, etc.) for access to the network.Local communication media may be implemented by any suitablecommunication media (e.g., local area network (LAN), hardwire, wirelesslink, Intranet, etc.).

The system may employ any cumber of any conventional or other databases,data stores or storage structures (e.g., files, databases, datastructures, data or other repositories, etc.) to serve as the datasources, repository and database system and store information (e.g.,archived documents, policies, rules, original documents, entityinformation, etc.). The database system and repository may beimplemented by any number of any conventional or other databases, datastores or storage structures (e.g., files, databases, data structures,data or other repositories, etc.) to store information (e.g., policies,rules, archived documents, entity information, etc.). The databasesystem may be included within or coupled to the server, archiving,and/or client systems. The database systems and/or storage structuresmay be remote from or local to the computer or other processing systems,and may store any desired data (e.g., policies, rules, entityinformation, etc.).

The documents may be of any form (e.g., file, data structure, page,e-mail or other message, etc.) and format (e.g., .pdf, text ormultimedia document, .zip, etc.) and include any quantity of any desiredinformation. The document may include any quantity of protecteddocuments in any quantity of nested levels. The protected document maybe contained within the document content, as an attachment to thedocument, or associated with the document in any fashion (e.g., a linkor reference to a contained document, etc.). The presence of protectivemeasures may be determined in any manner (e.g., flags, comparison ofcontent/format to a reference, a tool, etc). The various flags (e.g.,encryption/protection, permission denied, insufficient or unverifiedresponse, etc.) may be of any form and include any information toindicate a state.

Present invention embodiments may be applied to any conventional orother type of e-mail systems and archiving systems that archive anydesired data. Further, present invention embodiments may be utilized toaccess protected content of any suitable data items for any desiredoperations or systems. The content may be protected in any of one ormore manners (e.g., encrypted or encoded, password protected, accessrestrictions, etc.), where the archiving or other system does not haveknowledge of the complete information to access the protected content.For example, the archiving or other system may have no knowledge, orknowledge of any portion, of the information (e.g., password,encryption/decryption keys, etc.) needed to access the protected content(e.g., of a document, e-mail or other message, file, etc.).

The rules may be of any quantity, type or format, and may include anyquantity and/or combination of constraints to determine any quantity ofusers (and/or systems) for decrypting e-mails or other messages, oraccessing content of protected documents. Further, any suitablestatistical or other techniques (alone or in combination with the rules)may be applied to determine the users (and/or systems). The variousrequests (e.g., request to decryption/access server system, accessrequest, decryption request, etc.) may be of any format and include anydesired information. The requests (e.g., to the decryption and accessservers) may include any document or message identifiers and/or includethe entire or any portion of the message or document. The identifiersmay include any information to identify the protected message ordocument. The access request may include any desired identifier toenable access of the sandbox (e.g., URL, link, pointer, etc.).

The access and decryption requests may be sent to a single user, or to aplurality of users in any fashion (e.g., serially, in parallel, etc.).Further, any quantity of users/client systems may be required to respondto the access and decryption requests. In the case of plural usersreceiving the access or decryption request, a first received responsemay be sufficient. Alternatively, the resulting documents or e-mailmessages from the plural users may be compared for verification, wherethe resulting unprotected document or decrypted e-mail message may beselected from the version provided by any quantity of the plural users(e.g., a majority, at least a certain quantity, etc.).

Any type of user interface (e.g., Graphical User Interface (GUI),command-line, prompt, etc.) may be employed for obtaining user or otherpermission to access protected content, where the interface may includeany information arranged in any fashion. Further, the agent module maybe pre-configured to automatically access an encrypted or otherwiseprotected e-mail message (without requesting user permission), or checka parameter (e.g., configurable by the user or system) indicating apermission requirement prior to accessing protected content. Permissionmay be requested based on any suitable rules or conditions.

The sandbox may be implemented by any type of user interface (e.g.,Graphical User Interface (GUI), command-line, prompt, remote desktop,etc.) for obtaining or providing information (e.g., password, decryptionkeys, etc.), where the interface may include any information arranged inany fashion. The sandbox may initiate any application capable ofaccessing content of a protected document. The sandbox templates may beof any quantity, type or format, and may be associated with a documentbased on any document properties (e.g., type, etc.). The operationsenabled within the sandbox or other interface may be limited in anydesired fashion. Any directives for actions (e.g., commands,instructions, key strokes, peripheral motion or input, etc.) may befiltered or otherwise processed based on any desired information (e.g.,approved command or operation lists, etc.) to limit operations performedwithin the sandbox or other interface. Further, rules may be employed tolimit operations within the sandbox. The rules may be of any quantity,type or format, and may include any quantity and/or combination ofconstraints. The rules may be used alone or in combination with thefiltering.

The present invention embodiments may employ any number of any type ofuser interface (e.g., Graphical User Interface (GUI), command-line,prompt, etc.) for obtaining information to access protected content(e.g., user permission, password, decryption keys, etc.), where theinterface may include any information arranged in any fashion. Theinterface may include any number of any types of input or actuationmechanisms (e.g., buttons, icons, fields, boxes, links, etc.) disposedat any locations to enter/display information and initiate desiredactions via any suitable input devices (e.g., mouse, keyboard, etc.).The interface screens may include any suitable actuators (e.g., links,tabs, etc.) to navigate between the screens in any fashion.

The present invention embodiments are not limited to the specific tasksor algorithms described above, but may be utilized by any systems (e.g.,e-mail, archiving, processing, communications, etc.) for accessingcontent protected in any manner, where at least a portion of theinformation required to access the protected content is known externalof those systems by a user and/or other system (e.g., e-mail system,sender/recipient of a message/file, originator or owner of adocument/file, etc.). Present invention embodiments may be combined inany fashion to handle various combinations of protected documents. Forexample, an encrypted e-mail message may include a protected document asan attachment. In this example case, the e-mail content may be decryptedby a present invention embodiment in cooperation with an e-mail systemas described above, while the protected attachment may be accessed by apresent invention embodiment employing a sandbox or other interface asdescribed above.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “an” and “the” are intended to includethe plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”,“comprising”, “includes”, “including”, “has”, “have”, “having”, “with”and the like, when used in this specification, specify the presence ofstated features, integers, steps, operations, elements, and/orcomponents, but do not preclude the presence or addition of one or moreother features, integers, steps, operations, elements, components,and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present invention has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the invention. Theembodiment was chosen and described in order to best explain theprinciples of the invention and the practical application, and to enableothers of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

1-7. (canceled)
 8. A system for accessing protected content comprising:a first computing device with at least one processor configured to:determine one or more users associated with information required toaccess content of a protected document based on a set of rules; andgenerate and send a request to at least one second computing deviceassociated with the one or more determined users to retrieve and utilizethe required information to access the content of the protecteddocument.
 9. The system of claim 8, wherein the protected document isprotected via at least one of encryption and password protection. 10.The system of claim 8, further comprising: a second computing deviceincluding at least one processor configured to: request permission toaccess the content of the protected document from a determined userassociated with the second computing device and access the content inresponse to obtaining the permission.
 11. The system of claim 8, whereinthe at least one processor of the first computing device is furtherconfigured to: provide an interface to receive the required informationfrom a determined user and utilize the received information to accessthe content of the protected document.
 12. The system of claim 11,wherein the interface includes a virtual desktop with an applicationthat requests and utilizes the required information to access thecontent of the protected document.
 13. The system of claim 12, whereinthe at least one processor of the first computing device is furtherconfigured to: limit operations on the virtual desktop to preventmodification of the accessed content.
 14. The system of claim 8, furthercomprising: an archiving system to determine a presence of protectionfor a received document and send notification of the received protecteddocument to the first computing device.
 15. A computer program productfor accessing protected content comprising: a computer readable storagemedium having computer readable program code embodied therewith, thecomputer readable program code comprising computer readable program codefor a first computing device configured to: determine one or more usersassociated with information required to access content of a protecteddocument based on a set of rules; and generate and send a request to atleast one second computing device associated with the one or moredetermined users to retrieve and utilize the required information toaccess the content of the protected document.
 16. The computer programproduct claim 15, wherein the computer readable program code furthercomprises computer readable program code for the at least one secondcomputing device configured to: request permission to access the contentof the protected document from an associated determined user and accessthe content in response to obtaining the permission.
 17. The computerprogram product of claim 15, wherein the computer readable program codefor the first computing device further comprises computer readableprogram code configured to: provide an interface to receive the requiredinformation from a determined user and utilize the received informationto access the content of the protected document.
 18. The computerprogram product of claim 17, wherein the interface includes a virtualdesktop with an application that requests and utilizes the requiredinformation to access the content of the protected document.
 19. Thecomputer program product of claim 18, wherein the computer readableprogram code for the first computing device further comprises computerreadable program code configured to: limit operations on the virtualdesktop to prevent modification of the accessed content.
 20. Thecomputer program product of claim 15, wherein the protected document isreceived at an archiving system and is protected via at least one ofencryption and password protection, and wherein the computer programproduct further comprises computer readable program code for thearchiving system configured to: determine a presence of protection for areceived document and send notification of the received protecteddocument to the first computing device.